Understanding the Polymorphic Virus

While most people have at least heard of them, not everyone is familiar with the functionality and technical details of a computer virus.  The truth is that no two are exactly the same, and their effects vary depending on the design and implementation of their code.  Some are more subtle and present an annoyance to the user, while others pose catastrophic threats capable of destroying an entire operating system.  In either scenario, it is crucial that you take extreme measures to keep these infections away from your computer.

Taking Viruses to the Next Level

The polymorphic virus is one of the more complex computer threats.  During the process of infection, it creates slightly modified, fully functional copies of itself.  This is done primarily to elude detection by a virus scanner, as some scanners are not able to identify different instances of the same infection.  One method it commonly uses to bypass a scanner is self-encryption with a variable key.  To create an effective polymorphic virus, a coder chooses from a number of different encryption schemes, each requiring a different decryption routine; only that decryption routine remains plainly visible in any given instance of the infection.  A virus scanner based on string-driven detection would therefore have to look for many different strings, one for each possible decryption routine.  This is the best technique for reliably identifying this type of virus.

More advanced forms of the polymorphic virus alter the instruction sequences of their variants by interspersing the decryption instructions with other instructions that have no effect on the decryption process.  It may also swap the order of mutually independent instructions or vary how arbitrary values are loaded, such as moving "0" into "A" or replacing "A" with "B".  A basic virus scanner would have no way to effectively identify all variants of the infection.  Even a more advanced product has to thoroughly research this type of virus and make special configurations to its scanner in order to detect it.
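The two paragraphs above make a detection argument: a signature on the clear-text body misses every encrypted copy, a set of signatures (one per decryption routine) catches the simple variants, and interspersed do-nothing instructions break even that, so the scanner must effectively run the decryptor first.  The following is an added toy model of that argument, written for this page and not taken from any real scanner or virus.  Everything in it is constructed: the "body" is a text string, the "decryption schemes" are byte-level XOR/add/subtract transforms identified by a two-byte tag, the "junk instructions" are 0x90 filler bytes, and the function names (scan_fixed_string, scan_decryptor_stubs, scan_with_emulation, build_corpus) are the author's own.  No real instruction encoding is modelled.

```python
"""Toy model: why string signatures struggle with polymorphic code.

Constructed for illustration only.  The 'virus body' is a sentence, the
'decryptor stubs' are byte tags, and 'junk instructions' are filler bytes.
"""
import random

# Constructed stand-in for the clear-text virus body and a signature on it.
BODY = b"CONSTRUCTED-SAMPLE-BODY: this text stands in for the virus body"
BODY_SIGNATURE = b"CONSTRUCTED-SAMPLE-BODY"

# Three toy 'decryption schemes'.  In the article's terms, the stub (the dict
# key) is the part of a variant that stays plainly visible; the body is
# transformed with a per-copy key.
def _xor(data, key):
    return bytes(b ^ key for b in data)

def _add(data, key):
    return bytes((b + key) & 0xFF for b in data)

def _sub(data, key):
    return bytes((b - key) & 0xFF for b in data)

SCHEMES = {            # stub tag -> (encrypt, decrypt)
    b"\xDE\x01": (_xor, _xor),
    b"\xDE\x02": (_add, _sub),
    b"\xDE\x03": (_sub, _add),
}
JUNK = 0x90            # constructed filler byte modelling a do-nothing instruction
HEADER_LEN = 3         # two stub bytes plus one key byte

def make_variant(rng, with_junk=False):
    """Build one constructed sample: stub + key + transformed body.

    With with_junk=True, filler bytes are sprinkled between the header bytes,
    modelling a decryptor whose instruction sequence varies per copy.
    """
    stub = rng.choice(list(SCHEMES))
    encrypt, _ = SCHEMES[stub]
    key = rng.choice([k for k in range(1, 256) if k != JUNK])
    header = stub + bytes([key])
    if with_junk:
        header = b"".join(bytes([b]) + bytes([JUNK]) * rng.randrange(0, 3)
                          for b in header)
    return header + encrypt(BODY, key)

def build_corpus(seed, count, with_junk=False):
    """Deterministic list of constructed variants for a given seed."""
    rng = random.Random(seed)
    return [make_variant(rng, with_junk) for _ in range(count)]

def scan_fixed_string(sample):
    """Signature on the clear-text body: misses every transformed copy."""
    return BODY_SIGNATURE in sample

def scan_decryptor_stubs(sample):
    """One string per decryption scheme, as the article describes.
    Works while the stub is a fixed byte string; breaks once junk is inserted."""
    return any(sample.startswith(stub) for stub in SCHEMES)

def scan_with_emulation(sample):
    """Skip filler, recover stub and key, run the matching decryptor, then
    apply the body signature to the recovered clear text."""
    meaningful, i = [], 0
    while i < len(sample) and len(meaningful) < HEADER_LEN:
        if sample[i] != JUNK:
            meaningful.append(sample[i])
        i += 1
    if len(meaningful) < HEADER_LEN:
        return False
    stub, key = bytes(meaningful[:2]), meaningful[2]
    if stub not in SCHEMES:
        return False          # no known decryptor: nothing to emulate
    _, decrypt = SCHEMES[stub]
    return BODY_SIGNATURE in decrypt(sample[i:], key)

def detection_rate(scanner, samples):
    """Fraction of samples the scanner flags."""
    return sum(1 for s in samples if scanner(s)) / len(samples)

if __name__ == "__main__":
    for label, corpus in (("plain", build_corpus(1234, 50)),
                          ("junk", build_corpus(1234, 50, with_junk=True))):
        for scanner in (scan_fixed_string, scan_decryptor_stubs, scan_with_emulation):
            print(f"{label:5} {scanner.__name__:22} {detection_rate(scanner, corpus):.2f}")
```

The point to take from running it is the ordering: the fixed body string detects nothing, the per-scheme stub strings detect every simple variant, and only the emulation-style scanner holds at full detection once the stub's byte sequence varies, which is the "special configuration" the paragraph alludes to.  The benign check (a sample with no recognisable stub) also shows that emulation adds no false positives on its own; a real product would additionally bound how long it is willing to emulate.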

The Big Brother of All Polymorphic Viruses

One of the most complex forms of the polymorphic virus known today relies on the MtE (Mutation Engine), which is essentially an object module.  The Mutation Engine allows any virus to become polymorphic when specific code is added to the program's source and it is linked to modules able to generate random numbers.

The evolution of polymorphic viruses has made the job of many security experts much more difficult.  Adding more scan strings is often a frustrating and expensive task for software developers.  At the same time, these additions are needed, as the average scanner simply isn't efficient enough to handle this type of virus.

You don't have to be a computer technician or an anti-virus expert to know these infections are bad news.  A virus of this nature can easily corrupt your system and go undetected for months, rendering it inoperable if action is not taken in a timely fashion.  Your best defense lies in a scanner equipped with the latest virus definitions.  This will keep the infections out of your system and stop the madness of polymorphism dead in its tracks.

You can protect your computer from viruses without expensive software. Instead, follow these simple tips:

Stay up-to-date on all system updates.

Don't download any email attachments you weren't expecting.

Avoid freeware and peer-to-peer sharing sites.

Use alternative web browsers and email software.